MESSAGE authorization rules

Vaclav Kubart


Table of Contents

Terms
Instant message authorization documents
Example
Usage with XCAP
Bibliography

Abstract

This document folows specification of authorization documents suggested by [common auth] and defines document format for storing rules for authorization of instant messages.

Terms

sender

User sending the instant message represented by URI present in From header field.

recipient

User receiving the instant message represented by AOR/To URI.

Instant message authorization documents

Instant message authorization document is XML document formated according to schema defined in [common auth]. It inherits MIME type of common policy documents defined there - application/auth-policy+xml.

All XML elements designed in this document belong to “urn:iptel:xml:ns:im-rules” namespace.

Conditions

Conditions are processed according specification in [common auth].

Sphere

If the "instant messaging server" (proxy) trying to resolve authorization rules is bound together with presence server it can take the sphere value from presence server as defined in [presence auth], otherwise is sphere value considered undefined in terms of common policy processing.

Actions

This document defines one action - <im-handling>. It is defined an enumerated integer type (like sub-handling in [presence auth]). Possible values are:

block (value 0)

The message should not be delivered to the user and should be rejected with 403 Forbidden result code. This is the dafault value of im-handling.

allow (value 1)

The message should be delivered to the destination user.

In the future may these values change.

If there are more matching rules, the resulting action will be the maximum of their <im-handling> values.

Transformations

Transformations are not defined at this moment. In the future there can be for example length limitations or some flagging (like “spam”) or rate limitations.

Example

<?xml version="1.0"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy"
xmlns:im="urn:iptel:xml:ns:im-rules">
  <rule id="whitelist">
    <conditions>
      <identity>
        <id>sip:jan@test-domain.com</id>
        <id>sip:pavel@test-domain.com</id>
        <id>sip:vasek@test-domain.com</id>
        <id>sip:ja@test-domain.com</id>
      </identity>
    </conditions>
    <actions>
      <im:im-handling>allow</im:im-handling>
    </actions>
    <transformations/>
  </rule>
  <rule id="blacklist">
    <conditions>
      <identity>
        <id>sip:smith@test-domain.com</id>
      </identity>
    </conditions>
    <actions>
      <im:im-handling>block</im:im-handling>
    </actions>
    <transformations/>
  </rule>
</ruleset>

Usage with XCAP

This document defines “im-rules” as unique application usage ID (AUID) requiered by XCAP specification.

Naming conventions

When an instant message comes to a IM/presence server (proxy) within its domain, the server should look for document [xcap-root]/im-rules/users/[recipient username]/im-rules.xml and process rules in it.